This advanced hands-on course picks up where “Top 10 Web Threats” left off: it deepens the understanding of the top vulnerabilities and broadens the scope of vulnerabilities that are discussed.

The course includes live demos of attacks, exercises in detecting and leveraging threats, examples of weak and vulnerable code together with the process of repairing it and fixing the vulnerabilities, mitigation tactics, developer-specific best practices, and discussions on how not to write vulnerable code in the course of daily work. The course is mostly technical and not organizational.

The advanced course additionally includes exercises in which participants in turn attempt to fix and attack particular implementations. Heavier focus is placed on labs.

The goal of this course is to prepare developers for dealing with real-world sophisticated attacks, so they can properly design and code in order to deliver a resilient and secure product.

The course includes free access to an interactive online exercise environment for one week, following the course’s completion.

Course agenda:

Advanced SQL & NoSQL Injection

Advanced XSS & HTML-only Injection

Server-side request forgery

XML Injection

Advanced CSRF Examples & Labs

OpenID & OAuth

Integer security

Basics of Secure Coding

Ideal for: Web front-end and back-end developers, software engineers and architects who have a good grasp of development processes but have had no specific training in security. Also appropriate for mobile developers working on hybrid and/or pure Web platforms.

Participants should bring a laptop/tablet device with a modern browser. A keyboard is not required, but is highly recommended. A browser other than Google Chrome is required for some of the exercises (Reflected XSS).

Certificate: Upon successful completion of the course, attendees will receive a certificate from ESI CEE.